Looking at the change_LDAP_password function in locksmith (at least in trunk) I notice you are hashing and replacing the attribute directly. It is probably easier/cleaner/better? to test for and use the LDAP exop for password changes:
use Net::LDAP::Extension::SetPassword;   # adds set_password() to Net::LDAP handles
$msg = $ldaph->set_password(user => $dn, newpasswd => $newpass, oldpasswd => $oldpass);
This will let stuff like the OpenLDAP smbk5pwd and ppolicy modules take care of other password-related stuff like syncing NT/LANMAN passwords (needed for MSCHAP/EAP/PEAP for wifi via RADIUS) and password policy enforcement on the server. It also handles the encryption on the server with whatever standard the admin has set up there.
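The "test for and use" step from the post above, as an added example that is not part of the original post or of locksmith: it checks the root DSE for the RFC 3062 Password Modify OID before calling set_password, and runs over StartTLS because the exop carries both passwords in clear text. The host name, DN, CA path, environment variable names and the helper name change_password_exop are assumptions.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Extension::SetPassword;   # adds set_password() to Net::LDAP

# OID of the LDAP Password Modify extended operation (RFC 3062).
my $PASSMOD_OID = '1.3.6.1.4.1.4203.1.11.1';

# Hypothetical helper: returns (1, undef) on success, (0, $reason) otherwise.
sub change_password_exop {
    my ($ldap, $dn, $oldpass, $newpass) = @_;

    # The server lists the extended operations it accepts in its root DSE.
    my $dse = $ldap->root_dse
        or return (0, 'could not read root DSE');
    return (0, 'server does not advertise the Password Modify exop')
        unless $dse->supported_extension($PASSMOD_OID);

    # The server hashes the new password and runs its overlays
    # (ppolicy, smbk5pwd) itself; the client never writes userPassword.
    my $msg = $ldap->set_password(
        user      => $dn,
        oldpasswd => $oldpass,
        newpasswd => $newpass,
    );
    return (0, $msg->error) if $msg->code;   # e.g. a ppolicy rejection
    return (1, undef);
}

unless (caller) {
    # Assumed values: replace with the site's own server, CA path and DN.
    my $dn   = 'uid=jdoe,ou=people,dc=example,dc=org';
    my $ldap = Net::LDAP->new('ldap.example.org') or die "connect: $@";

    # Refuse to continue without a verified TLS session.
    my $tls = $ldap->start_tls(verify => 'require', capath => '/etc/ssl/certs');
    die 'StartTLS failed: ' . $tls->error if $tls->code;

    # Bind as the user so the change is made with the user's own rights.
    my $bind = $ldap->bind($dn, password => $ENV{OLD_PW});
    die 'bind failed: ' . $bind->error if $bind->code;

    my ($ok, $why) = change_password_exop($ldap, $dn, $ENV{OLD_PW}, $ENV{NEW_PW});
    print $ok ? "password changed\n" : "not changed: $why\n";
    $ldap->unbind;
}
```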